<?php

class registereduser extends head2d {

/*
 Some security rules
 - This program cannot be used unless you have 'ALL' privileges
 - Any users you set up will be assigned to the same database as this user
 - You cannot assign 'ALL' privileges unless you have 'ALL' privileges so even if the manager is overwritten, the object isn't. 
 - Part of the process of adding a new database also involves adding a registered user entry assigned to the new schema
 - and can only be done by a DBA.
*/
 
 function registereduser() {
  $this->table = "registereduser";
  $this->linetable = 'registereduserline';
  $this->lineatts = 3;
  $this->getmetadata();
  $this->maintainhist = true;
	$this->createblank();
  $this->header[2] = "";
  $_SESSION[$this->table] = $this;  
 }

function readuser($email) {
if($email == "ALL" || $email == "")
 return false;
 $dblink = getconn();
 $itemid = mysqli_real_escape_string($dblink,$email);
 $stmt = "select * from registereduser where name = '$email' and strcmp(name,'$email') = 0";
 
 $result = mysqli_query($dblink, $stmt);
 if ($result) {
  $ans = mysqli_fetch_array($result, MYSQLI_NUM);
	if ($ans != array()) {
  $this->header = $ans;
  $this->origheader = $ans;
	
  $ans = sqlreadarray("select * from registereduserline where itemid='".$ans[0]."' order by seq");
  if($ans != "") {
   $this->lines = $ans;
   $this->origlines = $ans;
  }
  $this->currentline = $this->defaultline();
  return true;
	} else {
	 return false;
	}
 } else {
  return false;
 }
}
 
 function newcounter() {
  return getcounter('USE',1);
 }
  
 function createblank() {
  parent::createblank();
	$this->header[0] = '0';
	$this->header[4] = '0';
  $this->header[6] = date("Y-m-d H:i:s");
  $this->header[7] = '';
  $this->header[8] = 'Y';
  $this->header[9] = 'liftmate';
  $this->currentline = $this->defaultline();
 }

 function defaultline() {
  $ans = array_fill(0,$this->lineatts,"");
  $ans[1] = sizeof($this->lines) * 1;
	$ans[2] = 'USE' ;
  return $ans;
 }

 function showform() {
  $t = micro_time();
  echo '<head>';
  echo SCRIPTS;
  echo '</head>';
  $focus = 'f0';
  if ($this->header[0] != '') {$focus = 'f1';}
  if ($this->header[1] != '') {$focus = 'f5';}
  if ($this->header[5] != '') {$focus = 'f8';}
  if ($this->header[8] != '') {$focus = 'l2';}

  echo "<body onload='document.form.$focus.focus()'>";
  echo "<h1>Registered User Setup</h1>";
  echo "<form name='form' method=POST>";
  echo "<input type=hidden name=res value=''>";
  echo "<input type=hidden name=x value=''>";
  echo "<table>";
  if($this->header[2] == '0') {
   echo $this->htmlrow('0','User ID');
  } else {
   echo $this->htmlrow('0','User ID ','disabled');
  }
  echo $this->htmlrow('1','Name');
  echo $this->htmlrow('5');
  echo $this->htmlrow('8');
  echo "<tr><th></th><th>Group</th></tr>";
  
  for($i = 0; $i < sizeof($this->lines) ; $i++) {
   echo "<tr><td>";
   echo "<img title='Delete line' onclick=submitform2($i) src='images/X.gif'>";
   echo "</td>";
   echo "<td>".$this->lines[$i][2]."</td><td class=err></td>";
   echo "</tr>\n";
  }

  echo '<tr><th>Add Group</th><th><input name=l2 value='.$this->currentline[2].'></th><th>'.$this->currentlinevalids[2].'</th></tr>';
  echo "</table>";

  echo "<input type=hidden name=t value=".micro_time().">";
  echo '<input class=bt accesskey=A type=submit name=sub value=Apply>';
  if($this->header[2] != '0') {
   echo '<input class=bt accesskey=D type=submit name=sub value=Delete>';
  }
  echo '<input class=bt accesskey=S type=submit name=sub value=Save>';
  echo '<button type=button class=bt onclick=rest()><span>Restart</span></button>';
  echo "</form>";
 }
 
 function selectlist($condition) {
   $stmt = "select itemid,name from " . $this->table." where schemaname = '". $_SESSION['schema']."' ";
   $words = explode(" ", $condition);
   if ($condition !== "" and $condition !== "ALL") {
    if (sizeof($words) > 1) {
     for ($i = 0; $i < sizeof($words); $i++) {
      $stmt .= " and name like '%$words[$i]%'";
     }
    } else {
     $stmt .= " and (name like '%$condition%' or itemid like '%$condition%')";
    }
   }
   $stmt .= " order by editdate desc limit 1000";
   $ans = sqlreadarray($stmt);
   $this->lastsearchresults = $ans;
   $this->lastsearch = $condition;
   return $ans;
 } 

 function setnewuser($name,$email,$password) {
  $this->header[1] = $email;
	$this->header[5] = md5($password);
	$this->header[6] = '0000-00-00';
	$code = md5($password.$email);
	$this->header[7] = $code;
	$this->header[8] = 'N';
	$this->header[9] = 'liftmate';
	return $code;
 }
  
 function applyfromrequest() {
  $this->valid = true;
  // Goes through request. Applies if legal, otherwise error.
  $this->valids = array_fill(0,$this->atts,'');
  $this->currentlinevalids = array_fill(0,$this->lineatts,"");

  if(isset($_REQUEST["f0"])) {
   $f = $_REQUEST["f0"];
   $exists = freaditem("registereduser",$f);
   if(preg_match('/^[0-9A-Z]{2,45}$/',$f)) {
    if($exists != "") {
     $this->valids[0] = "That user already exists";
    } else {
     $this->header[0] = $f;
    }
   } else {
    $this->valids[0] = "Please enter a valid user id using letters and numbers only";
   }
  }

  if(isset($_REQUEST["f1"])) {
   // name. Allowable characters A-Za-z-space apostrophe
   $f = $_REQUEST["f1"];
   if(preg_match('/^[0-9a-z A-Z\'\.-]{2,45}$/',$f)) {
    $this->header[1] = $f;
   } else {
    $this->valids[1] = "Please enter a valid name letters and numbers only";
   }
  }

  if(isset($_REQUEST["f5"])) {
   //Password
   $f = $_REQUEST["f5"];
   if(preg_match('/^[0-9A-Za-z]{2,45}$/',$f)) {
    $this->header[5] = $f;
   } else {
    $this->valids[5] = "Please enter a password letters and numbers only";
   }
  }

  if(isset($_REQUEST["f8"])) {
   //Password
   $f = $_REQUEST["f8"];
   if($f == 'Y' || $f == 'N') {
    $this->header[8] = $f;
   } else {
    $this->valids[8] = "Enter Y or N";
   }
  }

  $this->lineapplycurrentfield(2,'Error');
  $p = 2;
  $err = 'User must be in class ALL, DEALER, ADMIN, MAINTAINER or CLIENT';
  $f = @$_REQUEST["l$p"];
  if ($f == 'ADMIN' || $f == 'MAINTAINER' || $f == 'CLIENT' || $f == 'DEALER' || ($f == 'ALL' && isauthorised('ALL') )) {
   // Ensure no duplicates
   foreach ($this->lines as $line) {
    if ($line[2] == $f) {$this->currentlinevalids[2] = 'Group already assigned';}
   }
   $this->currentline[$p] = $f;
  } else {
     $this->currentlinevalids[$p] = $err ;
  }
  if ($this->currentline[2] == '') $this->currentlinevalids[2] = $err ;

  $this->removeline();
  $this->addline();
  $this->valid = every($this->valids,"");
  if($this->valid) {
   if($this->header[0] == "") $this->valids[0] = "Incomplete";
   if($this->header[1] == "") $this->valids[1] = "Incomplete";
   $this->valid = every($this->valids,"");
  }

 }

}

?>